Today’s cyber threat actors are harnessing AI and cutting-edge tech to strike faster and navigate networks with startling agility. Armed with these capabilities, nation-state adversaries and cybercriminal groups can spot vulnerabilities in legacy systems with newfound speed and precision. This leaves defenders struggling to keep up and attackers emboldened.
Staying ahead of threat actors means having a clearer view across complex and interconnected cloud-based and legacy-driven environments. Older applications and system vulnerabilities can be difficult to track, and if not patched consistently, they’re an open invitation to intruders. Meanwhile, cloud configuration and integration gaps remain foundational challenges for organizations to solve, made harder with AI-enabled adversaries raising the stakes.
Key findings in PwC’s 2026 Global Digital Trust Insights survey reinforce these ongoing concerns:
- Cloud-related threats ranked as the #1 cyber threat organizations are least prepared to address.
- Legacy systems and supply chain are the top 2 vulnerabilities, with more than half of respondents saying their organizations are, at best, only “somewhat capable” of withstanding cyber attacks targeting those areas.
Organizations may have different or unique areas of concern, but the response in all cases should be grounded in foundational security practices—the cornerstone of effective cyber defense. When every organization strengthens its own security, our shared digital ecosystem becomes more resilient. Collective defense starts with individual strength.
You can’t secure what you can’t see. So how can organizations gain visibility across attack surfaces to help uncover vulnerabilities and detect threats? In most environments, the challenge isn’t the absence of signals. It’s that alerts appear in different places, at different times, flagging different issues, which makes it harder to discern what’s related, what isn’t, and where patterns may be emerging. Not having a unified view to make sense of these alerts and quickly prioritize risks can open the door to larger-scale disruption.
Many organizations still rely on legacy technologies, which present a larger attack surface and target-rich environment for cyber threat actors. In addition, security settings are often fragmented across tenants and workloads, making it hard to identify and retire these vulnerable components.
But cybersecurity requires a thorough understanding of your risk and the constantly evolving threat landscape, so you can invest in proactive security measures before a crisis happens. While you could manually hunt for each of these vulnerabilities today, some solutions in the market can help identify and reduce your exposure to legacy tech that spans multiple environments.
The potential outcomes? These types of capabilities could help accelerate risk reduction, increase security for business environments, and simplify compliance.
With its size and complexity, PwC itself is an organization facing potential legacy vulnerabilities. To help strengthen its security posture, PwC recently piloted a just-released Microsoft feature called Baseline Security Mode (BSM). This solution provides a configuration framework for enterprise Microsoft 365 (M365) environments to help stay secure in an era of unprecedented tech advances and novel cyber threats.
BSM prioritizes 20 focus areas selected by Microsoft based on its research and analysis of M365 attack data. Almost all of these focus areas are legacy, commonly exploited configuration settings, the ones attackers use most often.
In a single dashboard, BSM shows the most important settings to address today. These include applications still connecting through Exchange Web Services and legacy or ancient file formats still in use. For example, a centralized, organization-wide view of the minimum security baseline configuration standard for enterprises could enable an organization to understand security posture, evaluate recommended enhancements, and apply changes centrally across environments.
We found that BSM successfully executed its core function. It provides a centralized control system, where historically these settings had to be applied across multiple locations. Through BSM, PwC gained centralized visibility into the organization’s legacy settings and access to simple shutoff switches that block features globally.
Over half of the feature’s recommendations were higher-impact suggestions for our environment. We put these recommendations through our change management processes to plan for their remediation. To understand potential consequences, we reviewed the impact data on a regular basis. Outside of the feature, we coordinated and aligned with business owners to enable a smoother rollout of BSM recommendations.
While BSM generated the necessary data, we recognized that our clients would need a clear, actionable path forward. Informed by our own experience, we developed several complementary capabilities:
- A tech-enabled BSM solution with automation to help clients better consume data, prioritize remediation efforts, and monitor risk reduction. This customized tooling and dashboarding solution will help to analyze BSM data to progressively reduce overall risk and track that reduction over time.
- A center of excellence for skilled resources and rollout assistance across the lifecycle. This one-stop shop will help our clients succeed in their BSM journey.
- Tailored playbooks and procedures to guide the rollout of BSM recommendations, based on our experience.
With our experience and these solutions, we’re able to help organizations operationalize and improve the use of BSM and similar features, turning insight into impact.
Organizations now have a means to quickly identify legacy vulnerabilities. Features like BSM can help readily arm security teams with a proactive blocking mechanism that prevents future use of risky legacy components.
With auditors’ and regulators’ increasing scrutiny of how companies safeguard their environment, that added effort can quickly become a strategic advantage, not just a compliance requirement.
Investing in proactive measures, like BSM, is crucial in today’s hyperconnected world, where one organization’s weakness can affect many. Foundational security is no longer just an internal priority; it’s a collective imperative. As the strength of the whole depends on every single link, improvements across the ecosystem can help elevate the baseline for us all.